Return-Path: <sentto-279987-2849-1002763749-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Wed, 10 Oct 2001 18:30:08 -0700 (PDT) Received: (qmail 11401 invoked by uid 510); 11 Oct 2001 01:29:00 -0000 Received: from n32.groups.yahoo.com (216.115.96.82) by 204.181.12.215 with SMTP; 11 Oct 2001 01:29:00 -0000 X-eGroups-Return: sentto-279987-2849-1002763749-fc=all.net@returns.onelist.com Received: from [10.1.4.53] by n32.groups.yahoo.com with NNFMP; 11 Oct 2001 01:29:09 -0000 X-Sender: fc@big.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_4_1); 11 Oct 2001 01:29:08 -0000 Received: (qmail 3705 invoked from network); 11 Oct 2001 01:29:08 -0000 Received: from unknown (10.1.10.26) by l7.egroups.com with QMQP; 11 Oct 2001 01:29:08 -0000 Received: from unknown (HELO big.all.net) (65.0.156.78) by mta1 with SMTP; 11 Oct 2001 01:29:08 -0000 Received: (from fc@localhost) by big.all.net (8.9.3/8.7.3) id SAA09164 for iwar@onelist.com; Wed, 10 Oct 2001 18:29:07 -0700 Message-Id: <200110110129.SAA09164@big.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Wed, 10 Oct 2001 18:29:07 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Software.sought.to.expose.terrorist.cells] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 8bit Software sought to expose terrorist cells Adapting fraud-detection programs is a concern to some privacy advocates BY STEVE JOHNSON Mercury News In a move that has some privacy rights advocates concerned, the Pentagon is hoping to track down terrorists with the help of a growing battery of computer software developed to combat consumer and business fraud. The Defense Advanced Research Projects Agency is trying to design its own version of the software to uncover terrorist cells that are posing as legitimate groups and lying about such things as past employment, education and business affiliations. ``What is needed is intelligent agent software that is capable of reviewing Web sites and identifying implausible or inconsistent information,'' the agency said in an Oct. 2 public notice seeking help from businesses or others to create the software. The public notice is further proof of what Bush administration officials have said will be a different kind of war fought on many fronts. The campaign against terrorism will include not only bombing raids in Afghanistan but also battles waged behind the scenes in this country. According to the defense agency, the software would root out suspicious activity such as ``companies who claim contracts incommensurate with their business history or size, companies who make unverifiable claims, persons who have ``missing periods in their background'' and ``persons whose positions are inconsistent with their experience.'' Other applications The defense agency said the software also would have a wide range of non-military applications, from spotting Medicare fraud to conducting ``business intelligence gathering about their competitors' plans and capabilities.'' Ted Senator, who is listed on the notice as the primary military contact for businesses interested in creating such software, referred all calls about the matter to Jan Walker, a spokeswoman with the agency. She was unable to provide details about the program Tuesday. Based on the sketchy information provided in the notice, the anti-terrorism software concept troubles Beth Givens, director of the Privacy Rights Clearinghouse in San Diego. ``I am concerned that there are going to be individuals pulled into the dragnet who might loosely have a profile that might match that of a terrorist,'' but who are not terrorists, she said. She cited a 1998 brouhaha that erupted over the U.S. Drug Enforcement Administration's analysis of data from an Arizona supermarket chain's customer discount cards. When the agency disclosed that it considered large-scale purchases of small plastic bags as evidence of possible drug dealing, some people were outraged. Ari Schwartz, associate director of the non-profit Center for Democracy & Technology in Washington, D.C., views the Pentagon's software proposal as part of a broad and dangerous push after the Sept. 11 terrorist attacks to bolster surveillance and data gathering on civilians. ``They're trying to roll back the clock to the '50s, '60s and '70s, when there were abuses'' by U.S. government agencies, he said. Wording concerns Schwartz also is concerned about some of the vague language in the notice, including the phrase ``companies who make unverifiable claims.'' He said that could conceivably apply to so many businesses ``that they're going to get way too much information,'' making it difficult to find terrorists. Some of those familiar with existing fraud-detection software say it wouldn't be easy to do what the Pentagon asks. One big problem is that relatively little is known about how terrorists operate, which could make it hard to design software that knows what to look for. Although many businesses ``are just thrilled to death'' with their fraud-detection software, said John Gill of the Association of Certified Fraud Examiners, if it isn't written correctly ``you can get a lot of gibberish.'' But others are optimistic about the defense agency's proposal. ``It really looks like they know what they're doing,'' said Tom Fawcett, a software expert at Hewlett-Packard Labs in Palo Alto, who co-wrote a 1998 paper on using artificial intelligence for fraud detection that was cited as a reference in the notice. Many businesses already use fraud-detection software, which works by essentially spotting things that don't fit normal patterns. Rob Jensen of HNC Software in San Diego said his company's products are widely used by credit card firms to detect fraudulent transactions. If a card that is normally used to only buy clothes at stores suddenly is used to buy lots of expensive electronic gear overseas via the Internet, for example, the software would alert the card company that something could be amiss. Armed with this technology, Jensen said, credit card firms have ``pretty much cut their fraud in half.'' Government agencies increasingly are finding the software useful. The National Security Agency uses it to sift through its massive trove of eavesdropping data to search for spies and terrorists. The FBI is developing similar software to spot hackers attempting to invade government computers. And New Jersey police recently began using software developed by Memex of Scotland to analyze a database they are compiling of people with ties to New Jersey and to the Sept. 11 attacks, according to Chris Byrd, an executive with Memex's U.S. operations. High cost Some data-crunching software can cost hundreds of thousands of dollars. But it sometimes can save a lot more, Byrd said, referring to a 1994 incident when the Defense Intelligence Agency used Memex's software to help analyze worrisome Iraqi military maneuvers. At the time, Iraq's army seemed to be doing many of the same things it did just before it invaded Kuwait four years earlier. But when the agency analyzed all the data, ``We could tell it was not a troop mobilization,'' Byrd said. Moreover, by not having to rush additional military personnel to the region, he said, the U.S. ``saved millions of dollars.'' Contact Steve Johnson at <a href="mailto:sjohnson@sjmercury.com?Subject=Re:%20(ai)%20Software%20sought%20to%20expose%20terrorist%20cells%2526In-Reply-To=%2526lt;B7E9E371.18281%25rforno@infowarrior.org">sjohnson@sjmercury.com</a> or (408) 920-5043 ------------------------ Yahoo! Groups Sponsor ---------------------~--> Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide! http://us.click.yahoo.com/yQix2C/33_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:54 PST